Where is the object mapping for [host] defined?

antoineco · August 16, 2021, 1:10pm

The data I'm sending is not structured and does not contain any host field. This field is injected by Logstash's TCP input.

The behaviour is documented and well understood. Like I said, what I don't understand is what specific behaviour of Elasticsearch prevents the injection of this field, not where the field is coming from.

As a workaround, I'm simply renaming the field in my pipeline as follows, but I'm still a bit frustrated not to be able to find out the source of the issue.

filter {
    if [host] and ![host][name] {
        mutate {
            rename => { "[host]" => "[host][name]" }
        }
    }
}

Topic		Replies	Views
This really helped me on Elastic with Logstash 8.x Elasticsearch	1	173	July 10, 2023
"reason"=>"object mapping for [host] tried to parse field [host] as object, but found a concrete value" Logstash	6	8399	May 19, 2021
[host] is defined as an object in mapping [logs] but this name is already used for a field in other types Elasticsearch	2	1645	February 1, 2019
How to define the host field going forward Logstash	1	298	July 12, 2019
Question about logstash output plugin 7.9 and ecs Logstash ecs-elastic-common-schema	2	439	February 4, 2021

Where is the object mapping for [host] defined?

Related topics